13
2012
Banks’ websites attacked… again
Yet again major international banks were attacked with a basic DDoS. This Distributed Denial of Service attack simply slowed down/blacked out their websites, not personally identifiable information was actually accessed. This is not a new thing, less than two months ago this happened to some of the same banks, primarily Bank of America who has become an easy target for some.
A group of hackers calling themselves “al-Qassam Cyber Fighters” again taking responsibility for the disruptions. The group wreaked havoc with online banking websites in September and October, too.
Wednesday afternoon, PNC bank said on its Facebook page that “some customers are experiencing slowness or difficulty accessing online and mobile banking.” Earlier, the bank had taken the unusual step of warning consumers about possible outages ahead of time.
“PNC is aware that some U.S. banks may be the target of a potential cyberattack,” the bank wrote on Facebook. “This potential threat could result in high volume of electronic traffic that may make it difficult for our customers to log onto online banking.” The bank also clarified that any potential disruptions would not impact customer information or privacy.
In a statement published at its usual hacker online hangout, al-Qassam Al-Qassam said it was also targeting U.S. Bancorp, JP Morgan Chase & Co., Bank of America, and SunTrust Banks, Inc. There have been various media reports of outages at those banks, too. BankInfoSecurity.com reported that SunTrust suffered intermittent outages on Tuesday, and that Bank of America said it had isolated problems.
During the fall, such outages became routine for many major U.S. banks, as the hacker group posted its targets on Monday, and then issued attacks that usually lasted through Thursday.
In an email sent to NBC News, the group explained its nearly two-month hiatus this way:
“There have happened so many events. Sandy storm, Presidential Election in the United States, and especially unequal war imposed from Zionist Regime, those were kind of significant events that delayed starting the second phase,” the group wrote, in an email that came from the domain myway.com. It also reiterated its claim that the attacks are a protest against a controversial video posted to YouTube earlier this year that offended Muslims. The email contained an additional warning:
“The wideness and the number of attacks will increase explicitly,” it said. “Offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks.”
Hacker boasting aside, experts have warned that the denial of service technique being used to repeatedly attack banks is powerful; many banks have so far been unable to completely defend against the attacks, even with advance warning.
Rodney Joffe, senior technologist at Internet infrastructure provider Neustar, said in October to NBC News that the best some banks can do to prepare is to have a sincere-sounding apology at the ready, backed up with a plan B that points customers to an alternative method of communication such as a call center.
“There is in fact no way to defend against it properly,” said Joffe, who has helped banks try to recover from the attacks. “We can mitigate the attacks to some extent, but it is very difficult to keep systems up…This is one of our worst nightmares.”
Some information received from NBCnews article